<?php
class Linkdir_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract{
	public function preDispatch(Zend_Controller_Request_Abstract $request){
		//setup acl
		$acl=new Zend_Acl();
		//add roles
		$acl->addRole(new Zend_Acl_Role('guest'));
		$acl->addRole(new Zend_Acl_Role('admin'),'guest');
		//add resources
		$acl->add(new Zend_Acl_Resource('index'));
		$acl->add(new Zend_Acl_Resource('error'));
		$acl->add(new Zend_Acl_Resource('admin'));
		$acl->add(new Zend_Acl_Resource('link'));
		$acl->add(new Zend_Acl_Resource('user'));
		$acl->add(new Zend_Acl_Resource('widget'));
		$acl->add(new Zend_Acl_Resource('settings'));
		//setup access rules
		$acl->allow(null,array('index','error'));
		$acl->allow('guest','link',array('index','list','thnx','verify'));
		$acl->allow('guest','user',array('login','logout'));
		$acl->allow('admin',null);
		//fetch current user
		$auth=Zend_Auth::getInstance();
		if($auth->hasIdentity()){
			$identity=$auth->getIdentity();
			$role=strtolower($identity->role);
		}else{
			$role='guest';
		}
		$controller=$request->controller;
		$action=$request->action;
		if(!$acl->isAllowed($role,$controller,$action)){
		if($role=='guest'){
			$request->setControllerName('user');
			$request->setActionName('login');		
		}else{
			$request->setControllerName('error');
			$request->setActionName('error');
		}
	}
}
}
?>